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Sir 

DECLARATION UNDER 37 C.F.R 81.131 

I, David Anthony Cook, the Applicant in the above identified patent application, 
declare as follows: 
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I I am the inventor of the subject matter of the above-identified patent application. 

2. At ell relevant times I have been under an obligation to assign the above-identified 
patent application to Cisco Technology, Inc., whose address is 170 West Tasman 
Drive, San Jose, CA 95 1 34-1 706. 

3 . As set forth herein, the subject matter claimed in the above-identified patent applica- 
tion was conceived by me within the United States before Apr. 22, 2003. Further, 
from before Apr. 22, 2003 to Sept 18, 2003, the filing date of the above-identified 
patent application, I diligently worked to reduce the invention to practice. 

CONCEPTION 

4. Attached hereto as Exhibit A is a true and correct redacted copy of an invention dis- 
closure report titled "Mechanism to Determine TTL Capabilities without Negotia- 
tion." The invention disclosure report was prepared prior to Apr. 22, 2003 and dem- 
onstrates conception before that date, Dates and certain confidential mfonnation, for 
example, personal telephone numbers, on Exhibit A have been redacted. 

5. Attention is directed to the Summary section of Exhibit A, which describes auto- 
matically determining which TTL method a peer is using, in part by sending an ini- 
tial packet with a first TTL parameter. The Summary section goes on to describe 
that, if this message is received and acknowledged, it may be assumed that the peer 
supports the new TTL parameter, and if no acknowledgement is received, then ses- 
sion/adjacency establishment may be retried with an old TTL parameter. 

REDUCTION TO PRACTTCf 

6. On information and belief, the invention described in the above-identified patent ap^ 
plication, was reduced to practice no later than Sept 18, 2003. On Sept 18, 2003 
the above-identified patent application filed with the USPTO, constructively reduced 
the invention to practice. 
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DILIGENCE 

During the time span from prior to Apr. 22, 2003 to Sept. 18, 2003, 1 diligently 
worked to reduce the invention to practice. In part, I worked on preparing the 
above-captioned patent application. Specifically, I provided detailed information re- 
garding; ray invention to a patent attorney, and reviewed and commented upon one 
or more drafts to prepare die patent application filed on Sept 1 8, 2003. 
As inventor of the identified patent application, I hereby declare that all the state- 
ments made herein, to my own knowledge, are true, and that all statements made on 
information and belief are believed to be true. I further declare the statements herein 
were made with the knowledge that willful false statements and the like are punish- 
able by fine or imprisonment, or both, under §1001 of Title !8 of the United States 
Code, and that any such willful false statements may jeopardize the validity of any 
patent the might issues from the present application. 



David Anthony Cook 
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This report contains the following 1 ideas: 






Idea No. 


Title 


Inventors 


Entered 


Updated 


270924 


Mechanism to Determine TTL Capabilities without 
Negotiation 


David Cook (dacook) 


• 




Report generated: , , V- 



Submitted: 
Modified: 



REDACTED 



CPOL No.: 270924 
Seq No.: 7287 
Docket: — 



History: — 



status: i n Process 
Origin: Cisco 



Type: Regular 



Attorney Info 

Name: Kuh 
Assigned: 
Drafter: 



US Filing Info 

Filed: — 
Serial No.: — 



Application: No 
Req Non-Pub: No 
Assignments: No 



Issuance Info 



Date issued: ■ 
Patent No.: 



David Cook (dacook) 
Type: Regular 



: RESEARCH TRIANGL 



Manager: aretana 
Division: ITG 



^Background :'j.;; : ; ; ■ 

Historically BGP transmits packets with a TTL of 1 for all directly connected 
peers. For all incoming BGP packets, the TTL can then be checked to ensure 
that it is 0. Recently, it has been accepted that it is more secure to use a 
TTL of 255 for transmitted BGP packets. Incoming BGP packets should then have 
a TTL of 254 for directly connected peers. Therefore, attacks on BGP must 
originate on the link that connects the peers in order to have a TTL of 254. 
Multihop BGP can use this same method by only accepting packets with a TTL of 
253 or less corresponding to the number of hops between BGP peers. In order to 
use this new TTL method for BGP sessions, it must be configured on a per-peer 
basis. Configuring this option on potentially thousands of peering sessions is 
time consuming and increases the possibility of config mismatches that prevent 
peering sessions from being established. A method is needed to automatically 
detect whether a peer supports and is using this option. 



Summary 

In order to automatically determine which TTL method a peer is using, the 
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initial packet (used to establish the session/adjacency) can first be sent 
a u TTL ° f 255 • If this message is received and acknowledged, it can be assumed 
that the peer supports sending the new TTL. If no acknowledgement is received 
then the session/adjacency establishment is retried with the normal TTL of 1 
(or the number of hops in the case of BGP multihop) . This method allows old 
and new implementations to interoperate together without extra configuration 
The security benefit of sending a TTL of 255 is automatically realized if it i- 
supported by both peers. This is a brand new problem in session/adjacency 
establishment that is being solved. Also, there is no previous method that 
uses TTL exploration to determine a peer's capability and configuration 
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■.Advantages' \ 

It avoids any changes to the current protocol specification. Also, no manual 
configuration is necessary to realize the benefits. 



Cisco use 

This can be used on all Cisco implement anions incl iir.g 



The method of sending multiple packets with different TTLs and changing 
behavior based on the response to determine a speaker's configuration can be 
detected by monitoring the packets transmitted. If another company sends the 
same sequence of TTLs and responds in the same way, then it can be determined 
that they are using the same algorithm and method. 



Previous public use 



First written record date 



First written record URLs 



Supporting docs URLs 



IDs to other applications 



